General Data Protection Regulation
Datos101 handling of information comprises the following aspects:
- Privacy Notice: Only authorized personnel may have access to the information.
- Integrity: Adequate processing and monitoring methods are available to ensure data integrity
- Availability: We guarantee that the information is available to your users when required.
- Traceability: Data101 records where the data came from, who had access to it and with whom it was shared.
- Security: All data is encrypted at source before leaving the device, we generate an encryption key of 256bits (recommended by the LOPD) which is exclusively held by the data owner.
The aim of this new General Data Protection Regulation (RGPD or GDPR), which comes into force on 25 May 2018, is to standardize privacy laws for all companies and citizens in Europe and to legislate the way companies work with their customers' data.
This new regulation affects various aspects of how companies collect, use, store and use data, always bearing in mind that the customer is the sole owner of his or her data.
With an increasing boom in services aimed at keeping information in the cloud, companies must ensure that this information is fully protected, and their service providers must ensure that they meet all requirements for data processing by owning a network and storage centers with strict security and hosted in countries allowed by the new law.
Datos101 datacenters are ISO 27001 certified (Information Security Management Systems)
What further action is Datos101 taking to adapt to the new regulation?
- Appoint a DPO (Data Protection Officer) who will actively and proactively monitor and enforce compliance and advise, supervise and act in accordance with the new law.
- Create a traceability record of the acquisition and destination of the stored data.
- All your clients will be able to exercise the right to be "forgotten" by simply sending us a request to our corporate email and we will delete all their data according to the law.
- Carry out controls and risk assessments as well as notifying the user and the authorities of any security breaches.
- Obtain the necessary authorizations for communication with our customers and suppliers.
- Continuous training of all our employees on information security and data protection issues.